Wordpress Dozen: Tips, Tools and Plugins by Sue Polinsky
WordPress Dozen: Tips, Tools and Plugins
Sue Polinsky, ConvergeSouth 2013
This presentation contains graphics, text and trademarks
that are the property of their respective owners. No rights
in this presentation are transferred.
Some of us are married to lawyers.
Get the PDF at techtriad.com/convergesouth/
BE VERY SCARED!
Guess where most malware sites originate!
LET’S GET TO IT
Items marked with a red star
mean that if you are not an
uber-geek, server geek,
WordPress developer, or
Unix-smart, hire someone
Or lean on a friend.
Not all site owners can
perform all the tips, tricks,
and tools shown today.
1 - INSTALL WORDPRESS SECURELY
use the 5-minute WP
use the cheapest web
host you can find
update from public wifi
(if you do, change your
update plugins &
update WordPress core
ask a geek if you’re not
2 - USE CUSTOM LOGIN LINKS
Custom login link
So are the hackers.
Ask a geek to program a more secure
URL for your login.
Also consider Better WP Security plugin
(with several security options).
2 – USE STRONG PASSWORDS
Use a strong password.
Mix letters, characters, and numbers.
(see how that looks like “suerocks”?)
Get three strong passwords and rotate them through all your logins!
3 – KILL “admin”
Demoting the admin user is good.
Deleting the admin user is much better.
How to delete admin
1. Create a new account
with a unique name.
2. Set it to administrator.
3. Log out, log in with the
4. Go to All Users and
delete the admin
3 - TWO-FACTOR AUTHENTICATION
When logging in from an unfamiliar device, force a
txt verification to your phone to authenticate your
Consider this security for Google & FB logins.
Plugin: Consider Google
3 - USE A GOOD GREAT WEB HOST
You get what you pay for. Do you know?
1. How much you pay for hosting versus how
much angst you’d be in if the site were lost or
your server blacklisted?
2. How many of the host’s sites are blacklisted for
3. What version of server software they use or
how often they update it?
4. Who has access to account credentials?
4 – BEWARE FREE WORDPRESS THEMES
You get what you pay for.
The Internet used to be free & we trusted downloads
For-pay themes are called “Premium”
If you have a business or important personal site:
BUY A THEME from a trusted source & update it
DESIGN YOUR THEME in Photoshop and…
HIRE A GOOD FRONT-END DEVELOPER to build it
Make sure it’s RESPONSIVE (phones, tablets)
4 - FREE THEMES CAN BE EVIL
Use trusted theme developers
Of the 10 sites reviewed:
Safe = 1
Iffy = 1
Avoid = 8
4 –TRUSTED THEME DEVELOPERS
New WP themes have
more features than most
people can/will use.
New themes have
complex features and
Buy a theme, install
properly, and update.
Be wary of custom
5 - USE A CHILD THEME
Buy a theme. Install it. Customize it.
Update the theme and lose all your customization.
THE SOLUTION IS A CHILD THEME
Buy themes that work with child themes.
Install the theme as a child theme.
Update the parent when the theme is updated
(OBTW, are you checking for updates?)
Customizing happens in the child theme.
Better premium themes support child
6 – USE REMOTE SECURITY
There are services that monitor your WordPress
site and check for link injections & other bad
Free or Pro Version of SUCURI.net
Be alerted to malware/hacks
Pro version = $90/year (1 site)
Free version = checks WP core install,
find out where the last login came from,
if site is hacked can change passes, keys.
6 – SECURITY AND FILE PERMISSIONS
*Set the file and folder permissions (or at least know what it means)
7 – FRAMEWORKS & FEATURES
New themes contain new standard features.
Menu styles and shapes
Fancy sliders (Revolution, Viewport)
Shortcodes (learn or die!)
Custom post types
New page templates
Integration with online services
Woocommerce or other ecommerce integration
Frameworks manage these features.
7 – CUSTOM FRAMEWORKS
Frameworks are core systems that make it easy to do fancy things.
Most custom frameworks
are, well, custom.
Major WP updates mean
you need to update your
theme first (use a child
Some framework updates
break older features.
Frameworks prevent you
from switching to other
7 – BOOTSTRAP CSS FRAMEWORK
Bootstrap is a free collection of tools for creating websites and web
applications. A goal is to standardize some popular online tools.
Bootstrap is a popular mobile front-end framework
Used by NASA and MSNBC sites
Bootstrap is Open Source (@GitHub.com)
Encourages consistency across Internet tools
You can buy Bootstrap-built premium themes but the
purpose is to build on its core framework
Bootstrap also had a major upgrade recently that
cannot be applied to older Bootstrap sites
7 – FRAMEWORK FEATURES: SHORTCODES
Shortcodes are buttons you click to format on-screen
The most common example is buttons.
WordPress has built-in shortcodes
Built-in WordPress shortcodes
9 – PLUGIN “HEAVEN” RULES
10 – PLUGIN HELL
Free plugins eventually break your site.
Sally builds a plugin you like & install. Sally goes on
to other things. You update WordPress and can’t
log into your site.
Welcome to Plugin Hell!
• How long
• Last time
11 – SELL MORE SAFELY ONLINE
WooCommerce is becoming a popular WP
ecommerce plugin and is integrated with many
WooCommerce is audited by Sucuri. It’s free.
Pretty full ecommerce features & dozens of
11 – ECOMMERCE OPTIONS
For a few items, consider Jotform + PayPal
jotform.com (lots of new integrations)
iThemes - big splash with “Exchange” Simple
Ecommerce using PayPal or Stripe (free or pro)
Do you want to host ecommerce ON your site?
A full-service WP store? Try Shopify.
There are lots of ecommerce plugins. Choose wisely.
12 - BACKUP. PERIOD.
Backup on a schedule.
Backup before making changes.
Know what your hosting company backs up.
Send a copy of your backup to your cloud server.
WordPress has parts & pieces.
Know if they guarantee their backups.
If the server melts down, can they reinstall your site?
Cloud backup works with Dropbox, iCloud,
Skydrive, Box.net and others.
12 – BACKUP PREMIUM TOOLS
Backup Buddy is a plugin for
scheduled backups including
backup to cloud. Not cheap,
but what’s your site worth?
VaultPress High quality,
trusted backup solution.
Find Me Online
Dr. Sue Polinsky
President, TechTriad, Inc.
Twitter: @suepolinsky, techtriad